CVE-2025-7300 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-7300?

CVE-2025-7300 has a CVSS score of 7.8 (HIGH). This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to insufficient input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious DWG files with IrfanView's CADImage plugin. The memory corruption flaw occurs during DWG file parsing due to insufficient input validation. Users of IrfanView with the vulnerable CADImage plugin are affected.

💻 Affected Systems

Products:

IrfanView CADImage Plugin

Versions: Versions prior to the patched release

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires IrfanView with CADImage plugin installed. User interaction needed (opening malicious file).

📦 What is this software?

Cadimage by Cadsofttools

View all CVEs affecting Cadimage →

Cadimage by Cadsofttools

View all CVEs affecting Cadimage →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining the same privileges as the user running IrfanView, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Malware installation or data exfiltration when users open malicious DWG files from untrusted sources.

🟢

If Mitigated

Limited impact with proper application sandboxing and user awareness preventing malicious file execution.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious DWG file. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IrfanView website for latest CADImage plugin update

Vendor Advisory: https://www.irfanview.com/

Restart Required: No

Instructions:

1. Visit https://www.irfanview.com/
2. Download latest IrfanView version
3. Install updated CADImage plugin
4. Verify plugin version is patched

🔧 Temporary Workarounds

Disable CADImage Plugin

windows

Remove or disable the vulnerable CADImage plugin from IrfanView

Navigate to IrfanView plugins folder and remove CADImage.dll

File Association Removal

windows

Remove DWG file association with IrfanView

Control Panel > Default Programs > Set Associations > Remove .dwg from IrfanView

🧯 If You Can't Patch

Implement application whitelisting to block IrfanView execution
Use email/web filtering to block DWG attachments from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check IrfanView Help > About Plugins for CADImage plugin version

Check Version:

irfanview.exe /plugins

Verify Fix Applied:

Verify CADImage plugin version matches latest patched version from vendor

📡 Detection & Monitoring

Log Indicators:

IrfanView process spawning unexpected child processes
Multiple DWG file open attempts from same source

Network Indicators:

Outbound connections from IrfanView process to unknown IPs

SIEM Query:

process_name:"i_view32.exe" AND (file_extension:".dwg" OR parent_process:explorer.exe)

📊 Metadata

CVE ID: CVE-2025-7300

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.06% exploit probability (17.1th percentile)

Published: July 21, 2025

Last Updated: July 25, 2025

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-25-547/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7300, you might also want to check these: